Getting started with Full-Disk Encryption Status policies

Full-Disk Encryption Status policies control the collection of information about the full-disk encryption (FDE) products installed on your Windows and Mac devices. These policies also collect the encryption status of each device's system drive. The collected information is made available in reports.

FDE products detected by the Absolute agent

You can activate Full-Disk Encryption Status policies on devices running a supported version of the Windows or macOS operating system. To see encryption status information in the console, each device's Absolute agent must be regularly connecting to the Absolute Monitoring Center.

The ESP component A lightweight software component of the Absolute agent that detects encryption products installed on a Windows or Mac device, and the encryption status of the device's system drives. The Encryption Status (ESP) component is deployed on a device only when the device is associated with a policy group in which the Full-Disk Encryption Status policy is activated. of the Absolute agent is responsible for collecting all available information about the full-disk encryption products installed on your devices. The component also detects whether each device's system drive is encrypted. When you activate a Full-Disk Encryption Status policy, the ESP component is activated on each device after the next successful agent connection to the Absolute Monitoring Center.

After the component is deployed, it detects the available information on the device, encrypts the information, and uploads it to the database using a secure connection that is independent of the device's scheduled connection to the Absolute Monitoring Center. Going forward, the ESP component performs an hourly scan of the device. If a change is detected, the new information is uploaded on the device's next agent connection, which is typically within the next 15 minutes if the device is online. A full scan is also uploaded every 24 hours.

The Full-Disk Encryption Status policy collects available encryption information from each device, such as:

  • Name of the encryption product
  • Details about the encryption of the device's system drive
  • Encryption product version

By default, the Global Policy Group includes a preconfigured Full-Disk Encryption Status policy. The policy's status is set to Inactive. Although you can activate the policy in the Global Policy Group, best practice is to create custom policy groups and activate each policy group's Full-Disk Encryption Status policy, as required.

After you've activated the Full-Disk Encryption Status policy, you can view the collected information in the Full-Disk Encryption Status report. You can also add encryption-related columns to other pages and reports, such as:

You can also view the Encryption Status of a device's system drive on the device's Device Details page.

After you've activated the Full-Disk Encryption Status policy, you can open the Dashboard to see summarized full-disk encryption status information at-a-glance.